Injecting multiple dll's

Oct 25, 2013 at 2:45 AM
Hi,

I need to inject multiple dll's into a remote process with the unmanaged api. RhCreateAndInject only takes one dll so I was going to try and create the process suspended using CreateProcess, call RhInjectLibrary multiple times, and then resume the process myself. Would this work or should I really only inject one dll?

-Greg
Nov 8, 2013 at 1:58 AM
I was able to get this working...
Nov 18, 2013 at 7:07 PM
Hi,

I have the same problem. How did you get it working, Greg?
I modified FileMon in order to hook DrawText and BeginPaint as below. The idea is to get the handle of the current window from BeginPaint while the text written to that window is obtained from DrawText.
Both hooks work individually when commenting out the hooking part of the other one. To be more precise: If I comment out the lines from Config.Register() to RemoteHooking.Inject() for DrawText then the BeginPaint hook will work and the other way round.
Can you tell me what I am doing wrong? Thank you very much for your help.

Michael
    public static void StartDrawTextHook(int TargetPID)
    {
        string ChannelName = null;

        try
        {
            Config.Register(
                "DrawText Hook",
                "FileMon.exe",
                "FileMonInject.dll");
        }
        catch (ApplicationException)
        {
            MessageBox.Show("This is an administrative task!", "Permission denied...", MessageBoxButtons.OK);
            System.Diagnostics.Process.GetCurrentProcess().Kill();
        }

        RemoteHooking.IpcCreateServer<FileMonInterface>(ref ChannelName, WellKnownObjectMode.SingleCall);

        RemoteHooking.Inject(
            TargetPID,
            "FileMonInject.dll",
            "FileMonInject.dll",
            ChannelName);

        ChannelName = null;

        try
        {
            try
            {
                Config.Register(
                    "BeginPaint Hook.",
                    "FileMon.exe",
                    "BeginPaintInject.dll");
            }
            catch (ApplicationException)
            {
                MessageBox.Show("This is an administrative task!", "Permission denied...", MessageBoxButtons.OK);
                System.Diagnostics.Process.GetCurrentProcess().Kill();
            }

            RemoteHooking.IpcCreateServer<FileMonInterface>(ref ChannelName, WellKnownObjectMode.SingleCall);

            RemoteHooking.Inject(
                TargetPID,
                "BeginPaintInject.dll",
                "BeginPaintInject.dll",
                ChannelName);


            Console.ReadLine();


        }
        catch (Exception ExtInfo)
        {
            Console.WriteLine("There was an error while connecting to target:\r\n{0}", ExtInfo.ToString());
        }
    }
Nov 19, 2013 at 6:11 PM
Hi Michael,

Maybe try one call to Config.Register instead of two? Something like:
Config.Register("BeginPaint Hook.", "FileMon.exe", "FileMonInject.dll", "BeginPaintInject.dll");
-Greg
Nov 19, 2013 at 8:05 PM
Hi Greg,

Both hooks seem to work now. It still looks a bit messy though. I have to figure out how I can put together the info of both hooks in order to know which window DrawText is writing to. I might be back with more questions :-)
Thank you very much.

Michael
Feb 18, 2014 at 8:28 AM
With 2.7 you do not need to register into the GAC either. This might make things easier.